Date: Thu, 13 Sep 2012 16:48:35 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: information leak in vino
This one is a bit older, not sure why it hasn't been dealt with or
reported earlier, but just copying my text from our bug:
It was reported that vino transmits all clipboard activity to
anything listening on port 5900, including to clients that have not
authenticated. If a user were to have vino enabled (including requiring
authentication), a remote user could access the port and see anything
the user added to the clipboard sent over the port.
To reproduce, enable vino with password protection (i.e. execute
vino-preferences). Connect to the VNC port (either locally or
remotely), for instance:
% nc -4 odvfc17 5900
RFB 003.007
@??zsh: command not found: zsh:@...vdanen@...fc17]
The above two bits of output are from copying in the GNOME terminal,
locally, on the system running vino.
The above was tested with Fedora 17's 3.4.2 version; the report
indicates that 2.32 on Gentoo and 2.28 on Debian are also vulnerable.
References:
https://bugs.gentoo.org/show_bug.cgi?id=434930
https://bugzilla.gnome.org/show_bug.cgi?id=678434
https://bugzilla.redhat.com/show_bug.cgi?id=857250
I did a quick attempt to reproduce this with 2.13.5 but was unable to
reproduce it, so somewhere between 2.13.5 and 2.28 this became a
problem. I've not dug into it further to see which version introduced
this.
There's no response in the upstream bug either, so no patches are
available that I can see.
--
Vincent Danen / Red Hat Security Response Team
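
A check for the behaviour reported above, as an added example that is not part of the original post or of vino: it parses the bytes a VNC server sent to a client that sent nothing and extracts any ServerCutText messages (RFB server-to-client message type 3) that follow the version banner. The function names, the size cap and the sample capture are constructed for illustration.

```python
import struct

BANNER_LEN = 12       # ProtocolVersion message, e.g. b"RFB 003.007\n"
SERVER_CUT_TEXT = 3   # RFB server-to-client message type for clipboard data
MAX_TEXT = 1 << 20    # assumed sanity cap on one clipboard payload


def preauth_cut_text(server_bytes: bytes) -> list:
    """Return clipboard strings a server sent after its banner.

    Assumes the client sent nothing, so a conforming server should
    have sent only the 12-byte banner and then waited.
    """
    if len(server_bytes) < BANNER_LEN or not server_bytes.startswith(b"RFB "):
        raise ValueError("stream does not start with an RFB banner")
    data = server_bytes[BANNER_LEN:]
    leaks, pos = [], 0
    while pos + 8 <= len(data):
        # ServerCutText header: type (1), padding (3), length (4, big-endian)
        msg_type, length = struct.unpack_from(">B3xI", data, pos)
        end = pos + 8 + length
        if msg_type != SERVER_CUT_TEXT or length > MAX_TEXT or end > len(data):
            pos += 1          # no complete frame here; resynchronise
            continue
        leaks.append(data[pos + 8:end].decode("latin-1"))  # RFB text is Latin-1
        pos = end
    return leaks


def _frame(text: str) -> bytes:
    """Build one ServerCutText message (used only for the constructed sample)."""
    raw = text.encode("latin-1")
    return struct.pack(">B3xI", SERVER_CUT_TEXT, len(raw)) + raw


# Constructed capture: banner followed by two clipboard updates.
SAMPLE = b"RFB 003.007\n" + _frame("constructed clipboard text") + _frame("second copy")

if __name__ == "__main__":
    for text in preauth_cut_text(SAMPLE):
        print("clipboard data sent before authentication:", repr(text))
```

An empty result for a capture of a silent client means the server sent nothing framed as clipboard data after its banner.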